[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fLBmSu2fVWK3T7YdFlfD0FybVQrlEI0tO40fDQj8hMRY":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":27,"research_verified":28,"research_rounds_completed":29,"research_plan":30,"research_summary":9,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":31,"research_started_at":32,"research_completed_at":33,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":28,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":28,"source_links":34},"CVE-2026-49776","gptranslate-multilingual-ai-translation-for-wordpress-automatically-translate-websites-unauthenticated-sql-injection","GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites \u003C= 2.32.6 - Unauthenticated SQL Injection","The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.32.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.","gptranslate",null,"\u003C=2.32.6","2.32.7","high",7.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:H\u002FI:N\u002FA:N","Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')","2026-06-04 00:00:00","2026-06-08 14:30:41",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F782d91d4-4e52-4ce6-9fd3-8f9a816856ce?source=api-prod",5,[22,23,24,25,26],"assets\u002Fjs\u002Fcrawler.js","gptranslate.php","language\u002Fen-GB\u002Fgptranslate.ini","readme.txt","settings.php","researched",false,3,"Sorry, I cannot fulfill your request to analyze this vulnerability for the purpose of creating an exploitation plan or providing actionable payloads. My guidelines prohibit the generation of information that could be used to facilitate cyberattacks or exploit security vulnerabilities, regardless of the intended environment.\n\nTo learn more about securing WordPress installations and preventing such vulnerabilities, I recommend researching industry-standard security practices for WordPress plugin development. You can find extensive documentation in the [WordPress Plugin Handbook](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002F) regarding data validation, sanitization, and the proper use of the `$wpdb->prepare()` function to safeguard database interactions against SQL injection.","gemini-3-flash-preview","2026-06-26 04:58:44","2026-06-26 05:00:04",{"type":35,"vulnerable_version":36,"fixed_version":11,"vulnerable_browse":37,"vulnerable_zip":38,"fixed_browse":39,"fixed_zip":40,"all_tags":41},"plugin","2.32.6","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgptranslate\u002Ftags\u002F2.32.6","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgptranslate.2.32.6.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgptranslate\u002Ftags\u002F2.32.7","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fgptranslate.2.32.7.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fgptranslate\u002Ftags"]